From 30b4092e586dfcb4ed81eff1f4f824d6b870cefb Mon Sep 17 00:00:00 2001 From: Knative Automation Date: Tue, 17 Mar 2026 02:22:44 +0000 Subject: [PATCH] upgrade to latest dependencies bumping golang.org/x/mod 27761a2...1ac721d: > 1ac721d go.mod: update golang.org/x dependencies > fb1fac8 all: upgrade go directive to at least 1.25.0 [generated] bumping golang.org/x/sys fc646e4...eaaaaee: > eaaaaee windows/registry: correct KeyInfo.ModTime calculation > 942780b cpu: darwin/arm64 feature detection > acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs > 3687fbd cpu: better defaults on darwin ARM64 > 48062e9 plan9: change Note to alias syscall.Note > 4f23f80 windows: change Signal to alias syscall.Signal > 7548802 all: upgrade go directive to at least 1.25.0 [generated] bumping knative.dev/serving f698e61...10d950c: > 10d950c Update net-contour nightly (# 16468) > 1387a58 Update net-istio nightly (# 16467) > d72e54b add an annotation to the kingress mapping tags to hostnames (# 16455) > ca22d12 Add endpointslices/restricted permission to ClusterRole (# 16465) > 4d0ed76 Update net-gateway-api nightly (# 16461) > 07c6cde Update net-kourier nightly (# 16466) > b3d77f2 Switch e2e testing assertions to use EndpointSlices (# 16454) > 2b4ef90 Migrate autoscaler stat forwarder to use EndpointSlices (# 16448) > 18c0474 upgrade to latest dependencies (# 16464) bumping golang.org/x/tools 009367f...24a8e95: > 24a8e95 go.mod: update golang.org/x dependencies > 3dd57fb gopls/internal/mcp: refactor unified diff generation > fcc014d cmd/digraph: fix package doc > 39f0f5c cmd/stress: add -failfast flag > 063c264 gopls/test/integration/misc: add diagnostics to flaky test > deb6130 gopls/internal/golang: fix hover panic in raw strings with CRLF > 5f1186b gopls/internal/analysis/driverutil: remove unnecessary new imports > ff45494 go/analysis: expose GoMod etc. to Pass.Module > 62daff4 go/analysis/passes/inline: fix panic in inlineAlias with instantiated generic alias > fcb6088 x/tools: delete obsolete code > c3b48f5 gopls: update to go1.26 > 30b6a4e internal/diff: unified diffs should use line diffs > 6cbcf5a go/analysis/passes/modernize: atomic: use new atomic types > 07ce8ce go/ssa: emit short-circuit control flow for boolean switch cases > e89f568 gopls/internal/lsprpc: increase test timeout 1s -> 10s > 49cd9d8 gopls/internal/protocol: add lazy enum form input type > b365b0a go/analysis/passes/modernize: rangeint: omit unneeded type conversion > 83aca55 go/analysis/passes/modernize: fmtappendf: remove whitespace > 6a2886b go/packages: explicitly disable collecting vcs information when not needed > f1f4626 go/analysis/passes/modernize: reflecttypefor: simplify .Elem() > 0c3890d go/analysis/passes: fix stringscut variable shadowing > a63d2a1 gopls/internal/analysis: add new Analyzer writestring > 3c6f94a go/analysis/passes: fmtappendf: skip if formatter could produce empty string > 64804da go/analysis/passes/modernize: slicescontains: omit fix with empty body > da12812 go/analysis/passes/modernize: fix stringscut false positive for unguarded afterSlice > 7e46809 go/analysis/passes/modernize: stringsbuilder: allow multiple rvalue uses > 55840e9 internal/astutil: missing test for CL 748480 > aa7725f gopls/internal/server: send notification when go.work file changes > 01a0310 gopls/internal/server: limit checkGoModDeps during bulk operations > 13444bf gopls/integration/govim: deal with breaking change to gs CLI > dd752d6 gopls/internal/test/integration/completion: fix flaky TestUnimportedCompletion_VSCodeIssue3365 > a5d96d4 gopls/internal/test/integration/completion: fix flaky TestUnimportedCompletion_VSCodeIssue3365 > 981d752 internal/astutil: fix \r bug in PosInStringLiteral > 64da537 gopls/codeaction: support struct tag dialog > ca2bd77 analysisflags: quote analyzer name in enable usage > 31904d1 refactor/satisfy: fix panic on interface literals > c48686b go/analysis/passes/modernize: skip func literals with return values in waitgroup > 5c2a459 go/analysis/passes/modernize: don't consider selects for min/max pass > b9ba349 internal/mcp: partial revert of go.dev/cl/731503 > e8d9b54 gopls/internal/test/marker: use openbsd/riscv64 in OS/ARCH suffix test > 20b0bd9 go/analysis/unitchecker: update go fix, go vet error message > 8151966 gopls/internal/server: add telemetry for vulncheck_prompt > 67b6d4f go/analysis/passes/modernize: fix invalid rewrite of reflect.TypeOf(nil) > 43ba126 gopls: fix typos > d332078 go/analysis/passes/modernize: leave out space in stringsbuilder edit > 001923f go/packages: aggregate chunked files in Load > d2fc364 internal/diff: remove myers' diff implementation > a8a17b7 gopls/test/imports_test: add logging for flaky test > 5cd825b gopls/bench: disable one DidChange benchmark > f644bf7 all: upgrade go directive to at least 1.25.0 [generated] > cab62c1 gopls/internal/debug: replace timeUnits with time.Duration bumping golang.org/x/net 60b3f6f...316e20c: > 316e20c go.mod: update golang.org/x dependencies > 9767a42 internal/http3: add support for plugging into net/http > 4a81284 http2: update docs to disrecommend this package > dec6603 dns/dnsmessage: reject too large of names early during unpack > 8afa12f http2: deprecate write schedulers > 38019a2 http2: add missing copyright header to export_test.go > 039b87f internal/http3: return error when Write is used after status 304 is set > 6267c6c internal/http3: add HTTP 103 Early Hints support to ClientConn > 591bdf3 internal/http3: add HTTP 103 Early Hints support to Server > 1faa6d8 internal/http3: avoid potential race when aborting RoundTrip > 8d297f1 http2: Move most tests from the http2 package to the http2_test package. > 3eb9327 http2: do not retry RoundTrip after peer sends a stream protocol error bumping knative.dev/pkg b3fe2e5...5d1c12d: > 5d1c12d Bump the golang-x group with 2 updates (# 3334) > 5834c5d Add TLS support to Prometheus metrics server (# 3322) bumping golang.org/x/text 817fba9...7ca2c6d: > 7ca2c6d go.mod: update golang.org/x dependencies > 73d1ba9 all: upgrade go directive to at least 1.25.0 [generated] bumping golang.org/x/term 3aff304...9d2dc07: > 9d2dc07 go.mod: update golang.org/x dependencies > d954e03 all: upgrade go directive to at least 1.25.0 [generated] Signed-off-by: Knative Automation --- go.mod | 16 +- go.sum | 32 +-- vendor/golang.org/x/net/http2/http2.go | 16 +- vendor/golang.org/x/net/http2/server.go | 2 + vendor/golang.org/x/net/http2/transport.go | 8 - vendor/golang.org/x/net/http2/writesched.go | 6 + .../net/http2/writesched_priority_rfc7540.go | 5 + .../x/net/http2/writesched_random.go | 2 + .../golang.org/x/sys/plan9/syscall_plan9.go | 8 +- vendor/golang.org/x/sys/unix/ztypes_linux.go | 229 ++++++++++-------- vendor/golang.org/x/sys/windows/aliases.go | 1 + .../golang.org/x/sys/windows/registry/key.go | 15 +- .../x/sys/windows/syscall_windows.go | 14 -- .../golang.org/x/tools/go/packages/golist.go | 33 ++- .../x/tools/go/packages/packages.go | 4 + .../metrics/prometheus/server.go | 125 +++++++++- .../metrics/prometheus_enabled.go | 11 +- vendor/modules.txt | 26 +- 18 files changed, 365 insertions(+), 188 deletions(-) diff --git a/go.mod b/go.mod index 72879ba67..58f611e51 100644 --- a/go.mod +++ b/go.mod @@ -14,8 +14,8 @@ require ( k8s.io/client-go v0.35.2 k8s.io/code-generator v0.35.2 knative.dev/hack v0.0.0-20260310014051-c448fdb867e2 - knative.dev/pkg v0.0.0-20260314220421-b3fe2e572de3 - knative.dev/serving v0.48.1-0.20260313135630-f698e61bf739 + knative.dev/pkg v0.0.0-20260316154451-5d1c12d99335 + knative.dev/serving v0.48.1-0.20260316224151-10d950c3a0d7 ) require ( @@ -76,15 +76,15 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.33.0 // indirect - golang.org/x/net v0.51.0 // indirect + golang.org/x/mod v0.34.0 // indirect + golang.org/x/net v0.52.0 // indirect golang.org/x/oauth2 v0.35.0 // indirect golang.org/x/sync v0.20.0 // indirect - golang.org/x/sys v0.41.0 // indirect - golang.org/x/term v0.40.0 // indirect - golang.org/x/text v0.34.0 // indirect + golang.org/x/sys v0.42.0 // indirect + golang.org/x/term v0.41.0 // indirect + golang.org/x/text v0.35.0 // indirect golang.org/x/time v0.10.0 // indirect - golang.org/x/tools v0.42.0 // indirect + golang.org/x/tools v0.43.0 // indirect gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect diff --git a/go.sum b/go.sum index 1ca18d987..d8ed51363 100644 --- a/go.sum +++ b/go.sum @@ -182,14 +182,14 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= -golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= +golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI= +golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= -golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= +golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0= +golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw= golang.org/x/oauth2 v0.35.0 h1:Mv2mzuHuZuY2+bkyWXIHMfhNdJAdwW3FuWeCPYN5GVQ= golang.org/x/oauth2 v0.35.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -200,22 +200,22 @@ golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= -golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= -golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg= -golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM= +golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo= +golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw= +golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU= +golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= -golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= +golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8= +golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA= golang.org/x/time v0.10.0 h1:3usCWA8tQn0L8+hFJQNgzpWbd89begxN66o1Ojdn5L4= golang.org/x/time v0.10.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k= -golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0= +golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s= +golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0= golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= @@ -265,10 +265,10 @@ knative.dev/hack v0.0.0-20260310014051-c448fdb867e2 h1:b35SGLEp03D8oGf8mE9HBt3yf knative.dev/hack v0.0.0-20260310014051-c448fdb867e2/go.mod h1:L5RzHgbvam0u8QFHfzCX6MKxu/a/gIGEdaRBqNiVbl0= knative.dev/networking v0.0.0-20260313010219-0055e9277729 h1:sF6e1RnluIKCiZBPrz7BxIWkAkLU8hiSSK+1NusRmGM= knative.dev/networking v0.0.0-20260313010219-0055e9277729/go.mod h1:72PhQ+qnOAwz9FFK8y301eWuiQ6vD9qVUFnDBjNhju8= -knative.dev/pkg v0.0.0-20260314220421-b3fe2e572de3 h1:+Lf0Ey1i+RfFQqcQqgE06mZH1oEGDRnYCjmLvZlkCT8= -knative.dev/pkg v0.0.0-20260314220421-b3fe2e572de3/go.mod h1:DKf80HbmuintxxLmzOCxUDgfNS7hz/UHJQTmKmg2qL8= -knative.dev/serving v0.48.1-0.20260313135630-f698e61bf739 h1:4cJifaOgLRMKfwZhV0sfUtVur0Ks/mQS6k6pKHYhmZ4= -knative.dev/serving v0.48.1-0.20260313135630-f698e61bf739/go.mod h1:YXhCh+8z9p1v3txp7U0LVPS73f4Pwrujqcpf/rHGhHY= +knative.dev/pkg v0.0.0-20260316154451-5d1c12d99335 h1:OpR5LNa0m34T8KOzGLwObjmMkxuuenSFU51oiNcfKRw= +knative.dev/pkg v0.0.0-20260316154451-5d1c12d99335/go.mod h1:o/XS1E/hYh9IR8deEEiJG4kKtQfqnf9Gwt5bwp2x4AU= +knative.dev/serving v0.48.1-0.20260316224151-10d950c3a0d7 h1:azehTw7pMvOK+Ijq7AwKRX5/0flM6O0khNTpFyUgLoY= +knative.dev/serving v0.48.1-0.20260316224151-10d950c3a0d7/go.mod h1:BJPmLXiP75SFAMo+xzU8SHcxmTbqYEbZk5xlgopye5g= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= diff --git a/vendor/golang.org/x/net/http2/http2.go b/vendor/golang.org/x/net/http2/http2.go index 6320f4eb4..0b99d832f 100644 --- a/vendor/golang.org/x/net/http2/http2.go +++ b/vendor/golang.org/x/net/http2/http2.go @@ -4,13 +4,17 @@ // Package http2 implements the HTTP/2 protocol. // -// This package is low-level and intended to be used directly by very -// few people. Most users will use it indirectly through the automatic -// use by the net/http package (from Go 1.6 and later). -// For use in earlier Go versions see ConfigureServer. (Transport support -// requires Go 1.6 or later) +// Almost no users should need to import this package directly. +// The net/http package supports HTTP/2 natively. // -// See https://http2.github.io/ for more information on HTTP/2. +// To enable or disable HTTP/2 support in net/http clients and servers, see +// [http.Transport.Protocols] and [http.Server.Protocols]. +// +// To configure HTTP/2 parameters, see +// [http.Transport.HTTP2] and [http.Server.HTTP2]. +// +// To create HTTP/1 or HTTP/2 connections, see +// [http.Transport.NewClientConn]. package http2 // import "golang.org/x/net/http2" import ( diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index 7ef807f79..65da5175c 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -164,6 +164,8 @@ type Server struct { // NewWriteScheduler constructs a write scheduler for a connection. // If nil, a default scheduler is chosen. + // + // Deprecated: User-provided write schedulers are deprecated. NewWriteScheduler func() WriteScheduler // CountError, if non-nil, is called on HTTP/2 server errors. diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index 8cf64b78e..2e9c2f6a5 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -712,10 +712,6 @@ func canRetryError(err error) bool { return true } if se, ok := err.(StreamError); ok { - if se.Code == ErrCodeProtocol && se.Cause == errFromPeer { - // See golang/go#47635, golang/go#42777 - return true - } return se.Code == ErrCodeRefusedStream } return false @@ -3233,10 +3229,6 @@ func (gz *gzipReader) Close() error { return gz.body.Close() } -type errorReader struct{ err error } - -func (r errorReader) Read(p []byte) (int, error) { return 0, r.err } - // isConnectionCloseRequest reports whether req should use its own // connection for a single request and then close the connection. func isConnectionCloseRequest(req *http.Request) bool { diff --git a/vendor/golang.org/x/net/http2/writesched.go b/vendor/golang.org/x/net/http2/writesched.go index 7de27be52..551545f31 100644 --- a/vendor/golang.org/x/net/http2/writesched.go +++ b/vendor/golang.org/x/net/http2/writesched.go @@ -8,6 +8,8 @@ import "fmt" // WriteScheduler is the interface implemented by HTTP/2 write schedulers. // Methods are never called concurrently. +// +// Deprecated: User-provided write schedulers are deprecated. type WriteScheduler interface { // OpenStream opens a new stream in the write scheduler. // It is illegal to call this with streamID=0 or with a streamID that is @@ -38,6 +40,8 @@ type WriteScheduler interface { } // OpenStreamOptions specifies extra options for WriteScheduler.OpenStream. +// +// Deprecated: User-provided write schedulers are deprecated. type OpenStreamOptions struct { // PusherID is zero if the stream was initiated by the client. Otherwise, // PusherID names the stream that pushed the newly opened stream. @@ -47,6 +51,8 @@ type OpenStreamOptions struct { } // FrameWriteRequest is a request to write a frame. +// +// Deprecated: User-provided write schedulers are deprecated. type FrameWriteRequest struct { // write is the interface value that does the writing, once the // WriteScheduler has selected this frame to write. The write diff --git a/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go b/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go index 7803a9261..c3d3e9bed 100644 --- a/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go +++ b/vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go @@ -14,6 +14,8 @@ import ( const priorityDefaultWeightRFC7540 = 15 // 16 = 15 + 1 // PriorityWriteSchedulerConfig configures a priorityWriteScheduler. +// +// Deprecated: User-provided write schedulers are deprecated. type PriorityWriteSchedulerConfig struct { // MaxClosedNodesInTree controls the maximum number of closed streams to // retain in the priority tree. Setting this to zero saves a small amount @@ -55,6 +57,9 @@ type PriorityWriteSchedulerConfig struct { // NewPriorityWriteScheduler constructs a WriteScheduler that schedules // frames by following HTTP/2 priorities as described in RFC 7540 Section 5.3. // If cfg is nil, default options are used. +// +// Deprecated: The RFC 7540 write scheduler has known bugs and performance issues, +// and RFC 7540 prioritization was deprecated in RFC 9113. func NewPriorityWriteScheduler(cfg *PriorityWriteSchedulerConfig) WriteScheduler { return newPriorityWriteSchedulerRFC7540(cfg) } diff --git a/vendor/golang.org/x/net/http2/writesched_random.go b/vendor/golang.org/x/net/http2/writesched_random.go index f2e55e05c..d5d4e2214 100644 --- a/vendor/golang.org/x/net/http2/writesched_random.go +++ b/vendor/golang.org/x/net/http2/writesched_random.go @@ -10,6 +10,8 @@ import "math" // priorities. Control frames like SETTINGS and PING are written before DATA // frames, but if no control frames are queued and multiple streams have queued // HEADERS or DATA frames, Pop selects a ready stream arbitrarily. +// +// Deprecated: User-provided write schedulers are deprecated. func NewRandomWriteScheduler() WriteScheduler { return &randomWriteScheduler{sq: make(map[uint32]*writeQueue)} } diff --git a/vendor/golang.org/x/sys/plan9/syscall_plan9.go b/vendor/golang.org/x/sys/plan9/syscall_plan9.go index d079d8116..761912237 100644 --- a/vendor/golang.org/x/sys/plan9/syscall_plan9.go +++ b/vendor/golang.org/x/sys/plan9/syscall_plan9.go @@ -19,13 +19,7 @@ import ( // A Note is a string describing a process note. // It implements the os.Signal interface. -type Note string - -func (n Note) Signal() {} - -func (n Note) String() string { - return string(n) -} +type Note = syscall.Note var ( Stdin = 0 diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index c1a467017..45476a73c 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -593,110 +593,115 @@ const ( ) const ( - NDA_UNSPEC = 0x0 - NDA_DST = 0x1 - NDA_LLADDR = 0x2 - NDA_CACHEINFO = 0x3 - NDA_PROBES = 0x4 - NDA_VLAN = 0x5 - NDA_PORT = 0x6 - NDA_VNI = 0x7 - NDA_IFINDEX = 0x8 - NDA_MASTER = 0x9 - NDA_LINK_NETNSID = 0xa - NDA_SRC_VNI = 0xb - NTF_USE = 0x1 - NTF_SELF = 0x2 - NTF_MASTER = 0x4 - NTF_PROXY = 0x8 - NTF_EXT_LEARNED = 0x10 - NTF_OFFLOADED = 0x20 - NTF_ROUTER = 0x80 - NUD_INCOMPLETE = 0x1 - NUD_REACHABLE = 0x2 - NUD_STALE = 0x4 - NUD_DELAY = 0x8 - NUD_PROBE = 0x10 - NUD_FAILED = 0x20 - NUD_NOARP = 0x40 - NUD_PERMANENT = 0x80 - NUD_NONE = 0x0 - IFA_UNSPEC = 0x0 - IFA_ADDRESS = 0x1 - IFA_LOCAL = 0x2 - IFA_LABEL = 0x3 - IFA_BROADCAST = 0x4 - IFA_ANYCAST = 0x5 - IFA_CACHEINFO = 0x6 - IFA_MULTICAST = 0x7 - IFA_FLAGS = 0x8 - IFA_RT_PRIORITY = 0x9 - IFA_TARGET_NETNSID = 0xa - IFAL_LABEL = 0x2 - IFAL_ADDRESS = 0x1 - RT_SCOPE_UNIVERSE = 0x0 - RT_SCOPE_SITE = 0xc8 - RT_SCOPE_LINK = 0xfd - RT_SCOPE_HOST = 0xfe - RT_SCOPE_NOWHERE = 0xff - RT_TABLE_UNSPEC = 0x0 - RT_TABLE_COMPAT = 0xfc - RT_TABLE_DEFAULT = 0xfd - RT_TABLE_MAIN = 0xfe - RT_TABLE_LOCAL = 0xff - RT_TABLE_MAX = 0xffffffff - RTA_UNSPEC = 0x0 - RTA_DST = 0x1 - RTA_SRC = 0x2 - RTA_IIF = 0x3 - RTA_OIF = 0x4 - RTA_GATEWAY = 0x5 - RTA_PRIORITY = 0x6 - RTA_PREFSRC = 0x7 - RTA_METRICS = 0x8 - RTA_MULTIPATH = 0x9 - RTA_FLOW = 0xb - RTA_CACHEINFO = 0xc - RTA_TABLE = 0xf - RTA_MARK = 0x10 - RTA_MFC_STATS = 0x11 - RTA_VIA = 0x12 - RTA_NEWDST = 0x13 - RTA_PREF = 0x14 - RTA_ENCAP_TYPE = 0x15 - RTA_ENCAP = 0x16 - RTA_EXPIRES = 0x17 - RTA_PAD = 0x18 - RTA_UID = 0x19 - RTA_TTL_PROPAGATE = 0x1a - RTA_IP_PROTO = 0x1b - RTA_SPORT = 0x1c - RTA_DPORT = 0x1d - RTN_UNSPEC = 0x0 - RTN_UNICAST = 0x1 - RTN_LOCAL = 0x2 - RTN_BROADCAST = 0x3 - RTN_ANYCAST = 0x4 - RTN_MULTICAST = 0x5 - RTN_BLACKHOLE = 0x6 - RTN_UNREACHABLE = 0x7 - RTN_PROHIBIT = 0x8 - RTN_THROW = 0x9 - RTN_NAT = 0xa - RTN_XRESOLVE = 0xb - SizeofNlMsghdr = 0x10 - SizeofNlMsgerr = 0x14 - SizeofRtGenmsg = 0x1 - SizeofNlAttr = 0x4 - SizeofRtAttr = 0x4 - SizeofIfInfomsg = 0x10 - SizeofIfAddrmsg = 0x8 - SizeofIfAddrlblmsg = 0xc - SizeofIfaCacheinfo = 0x10 - SizeofRtMsg = 0xc - SizeofRtNexthop = 0x8 - SizeofNdUseroptmsg = 0x10 - SizeofNdMsg = 0xc + NDA_UNSPEC = 0x0 + NDA_DST = 0x1 + NDA_LLADDR = 0x2 + NDA_CACHEINFO = 0x3 + NDA_PROBES = 0x4 + NDA_VLAN = 0x5 + NDA_PORT = 0x6 + NDA_VNI = 0x7 + NDA_IFINDEX = 0x8 + NDA_MASTER = 0x9 + NDA_LINK_NETNSID = 0xa + NDA_SRC_VNI = 0xb + NTF_USE = 0x1 + NTF_SELF = 0x2 + NTF_MASTER = 0x4 + NTF_PROXY = 0x8 + NTF_EXT_LEARNED = 0x10 + NTF_OFFLOADED = 0x20 + NTF_ROUTER = 0x80 + NUD_INCOMPLETE = 0x1 + NUD_REACHABLE = 0x2 + NUD_STALE = 0x4 + NUD_DELAY = 0x8 + NUD_PROBE = 0x10 + NUD_FAILED = 0x20 + NUD_NOARP = 0x40 + NUD_PERMANENT = 0x80 + NUD_NONE = 0x0 + IFA_UNSPEC = 0x0 + IFA_ADDRESS = 0x1 + IFA_LOCAL = 0x2 + IFA_LABEL = 0x3 + IFA_BROADCAST = 0x4 + IFA_ANYCAST = 0x5 + IFA_CACHEINFO = 0x6 + IFA_MULTICAST = 0x7 + IFA_FLAGS = 0x8 + IFA_RT_PRIORITY = 0x9 + IFA_TARGET_NETNSID = 0xa + IFAL_LABEL = 0x2 + IFAL_ADDRESS = 0x1 + RT_SCOPE_UNIVERSE = 0x0 + RT_SCOPE_SITE = 0xc8 + RT_SCOPE_LINK = 0xfd + RT_SCOPE_HOST = 0xfe + RT_SCOPE_NOWHERE = 0xff + RT_TABLE_UNSPEC = 0x0 + RT_TABLE_COMPAT = 0xfc + RT_TABLE_DEFAULT = 0xfd + RT_TABLE_MAIN = 0xfe + RT_TABLE_LOCAL = 0xff + RT_TABLE_MAX = 0xffffffff + RTA_UNSPEC = 0x0 + RTA_DST = 0x1 + RTA_SRC = 0x2 + RTA_IIF = 0x3 + RTA_OIF = 0x4 + RTA_GATEWAY = 0x5 + RTA_PRIORITY = 0x6 + RTA_PREFSRC = 0x7 + RTA_METRICS = 0x8 + RTA_MULTIPATH = 0x9 + RTA_FLOW = 0xb + RTA_CACHEINFO = 0xc + RTA_TABLE = 0xf + RTA_MARK = 0x10 + RTA_MFC_STATS = 0x11 + RTA_VIA = 0x12 + RTA_NEWDST = 0x13 + RTA_PREF = 0x14 + RTA_ENCAP_TYPE = 0x15 + RTA_ENCAP = 0x16 + RTA_EXPIRES = 0x17 + RTA_PAD = 0x18 + RTA_UID = 0x19 + RTA_TTL_PROPAGATE = 0x1a + RTA_IP_PROTO = 0x1b + RTA_SPORT = 0x1c + RTA_DPORT = 0x1d + RTN_UNSPEC = 0x0 + RTN_UNICAST = 0x1 + RTN_LOCAL = 0x2 + RTN_BROADCAST = 0x3 + RTN_ANYCAST = 0x4 + RTN_MULTICAST = 0x5 + RTN_BLACKHOLE = 0x6 + RTN_UNREACHABLE = 0x7 + RTN_PROHIBIT = 0x8 + RTN_THROW = 0x9 + RTN_NAT = 0xa + RTN_XRESOLVE = 0xb + PREFIX_UNSPEC = 0x0 + PREFIX_ADDRESS = 0x1 + PREFIX_CACHEINFO = 0x2 + SizeofNlMsghdr = 0x10 + SizeofNlMsgerr = 0x14 + SizeofRtGenmsg = 0x1 + SizeofNlAttr = 0x4 + SizeofRtAttr = 0x4 + SizeofIfInfomsg = 0x10 + SizeofPrefixmsg = 0xc + SizeofPrefixCacheinfo = 0x8 + SizeofIfAddrmsg = 0x8 + SizeofIfAddrlblmsg = 0xc + SizeofIfaCacheinfo = 0x10 + SizeofRtMsg = 0xc + SizeofRtNexthop = 0x8 + SizeofNdUseroptmsg = 0x10 + SizeofNdMsg = 0xc ) type NlMsghdr struct { @@ -735,6 +740,22 @@ type IfInfomsg struct { Change uint32 } +type Prefixmsg struct { + Family uint8 + Pad1 uint8 + Pad2 uint16 + Ifindex int32 + Type uint8 + Len uint8 + Flags uint8 + Pad3 uint8 +} + +type PrefixCacheinfo struct { + Preferred_time uint32 + Valid_time uint32 +} + type IfAddrmsg struct { Family uint8 Prefixlen uint8 diff --git a/vendor/golang.org/x/sys/windows/aliases.go b/vendor/golang.org/x/sys/windows/aliases.go index 16f90560a..96317966e 100644 --- a/vendor/golang.org/x/sys/windows/aliases.go +++ b/vendor/golang.org/x/sys/windows/aliases.go @@ -8,5 +8,6 @@ package windows import "syscall" +type Signal = syscall.Signal type Errno = syscall.Errno type SysProcAttr = syscall.SysProcAttr diff --git a/vendor/golang.org/x/sys/windows/registry/key.go b/vendor/golang.org/x/sys/windows/registry/key.go index 39aeeb644..7cc6ff3af 100644 --- a/vendor/golang.org/x/sys/windows/registry/key.go +++ b/vendor/golang.org/x/sys/windows/registry/key.go @@ -198,7 +198,20 @@ type KeyInfo struct { // ModTime returns the key's last write time. func (ki *KeyInfo) ModTime() time.Time { - return time.Unix(0, ki.lastWriteTime.Nanoseconds()) + lastHigh, lastLow := ki.lastWriteTime.HighDateTime, ki.lastWriteTime.LowDateTime + // 100-nanosecond intervals since January 1, 1601 + hsec := uint64(lastHigh)<<32 + uint64(lastLow) + // Convert _before_ gauging; the nanosecond difference between Epoch (00:00:00 + // UTC, January 1, 1970) and Filetime's zero offset (January 1, 1601) is out + // of bounds for int64: -11644473600*1e7*1e2 < math.MinInt64 + sec := int64(hsec/1e7) - 11644473600 + nsec := int64(hsec%1e7) * 100 + return time.Unix(sec, nsec) +} + +// modTimeZero reports whether the key's last write time is zero. +func (ki *KeyInfo) modTimeZero() bool { + return ki.lastWriteTime.LowDateTime == 0 && ki.lastWriteTime.HighDateTime == 0 } // Stat retrieves information about the open key k. diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 738a9f212..d76643658 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -1490,20 +1490,6 @@ func Getgid() (gid int) { return -1 } func Getegid() (egid int) { return -1 } func Getgroups() (gids []int, err error) { return nil, syscall.EWINDOWS } -type Signal int - -func (s Signal) Signal() {} - -func (s Signal) String() string { - if 0 <= s && int(s) < len(signals) { - str := signals[s] - if str != "" { - return str - } - } - return "signal " + itoa(int(s)) -} - func LoadCreateSymbolicLink() error { return procCreateSymbolicLinkW.Find() } diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go index 680a70ca8..a6c17cf63 100644 --- a/vendor/golang.org/x/tools/go/packages/golist.go +++ b/vendor/golang.org/x/tools/go/packages/golist.go @@ -61,13 +61,42 @@ func (r *responseDeduper) addAll(dr *DriverResponse) { } func (r *responseDeduper) addPackage(p *Package) { - if r.seenPackages[p.ID] != nil { + if prev := r.seenPackages[p.ID]; prev != nil { + // Package already seen in a previous response. Merge the file lists, + // removing duplicates. This can happen when the same package appears + // in multiple driver responses that are being merged together. + prev.GoFiles = appendUniqueStrings(prev.GoFiles, p.GoFiles) + prev.CompiledGoFiles = appendUniqueStrings(prev.CompiledGoFiles, p.CompiledGoFiles) + prev.OtherFiles = appendUniqueStrings(prev.OtherFiles, p.OtherFiles) + prev.IgnoredFiles = appendUniqueStrings(prev.IgnoredFiles, p.IgnoredFiles) + prev.EmbedFiles = appendUniqueStrings(prev.EmbedFiles, p.EmbedFiles) + prev.EmbedPatterns = appendUniqueStrings(prev.EmbedPatterns, p.EmbedPatterns) return } r.seenPackages[p.ID] = p r.dr.Packages = append(r.dr.Packages, p) } +// appendUniqueStrings appends elements from src to dst, skipping duplicates. +func appendUniqueStrings(dst, src []string) []string { + if len(src) == 0 { + return dst + } + + seen := make(map[string]bool, len(dst)) + for _, s := range dst { + seen[s] = true + } + + for _, s := range src { + if !seen[s] { + dst = append(dst, s) + } + } + + return dst +} + func (r *responseDeduper) addRoot(id string) { if r.seenRoots[id] { return @@ -832,6 +861,8 @@ func golistargs(cfg *Config, words []string, goVersion int) []string { // go list doesn't let you pass -test and -find together, // probably because you'd just get the TestMain. fmt.Sprintf("-find=%t", !cfg.Tests && cfg.Mode&findFlags == 0 && !usesExportData(cfg)), + // VCS information is not needed when not printing Stale or StaleReason fields + "-buildvcs=false", } // golang/go#60456: with go1.21 and later, go list serves pgo variants, which diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go index b249a5c7e..412ba06b5 100644 --- a/vendor/golang.org/x/tools/go/packages/packages.go +++ b/vendor/golang.org/x/tools/go/packages/packages.go @@ -403,6 +403,10 @@ func mergeResponses(responses ...*DriverResponse) *DriverResponse { if len(responses) == 0 { return nil } + // No dedup needed + if len(responses) == 1 { + return responses[0] + } response := newDeduper() response.dr.NotHandled = false response.dr.Compiler = responses[0].Compiler diff --git a/vendor/knative.dev/pkg/observability/metrics/prometheus/server.go b/vendor/knative.dev/pkg/observability/metrics/prometheus/server.go index 9aa1db0c3..668b701d5 100644 --- a/vendor/knative.dev/pkg/observability/metrics/prometheus/server.go +++ b/vendor/knative.dev/pkg/observability/metrics/prometheus/server.go @@ -18,30 +18,41 @@ package prometheus import ( "context" + "crypto/tls" + "crypto/x509" "fmt" "net" "net/http" "os" "strconv" + "strings" "time" "github.com/prometheus/client_golang/prometheus/promhttp" + knativetls "knative.dev/pkg/network/tls" ) const ( defaultPrometheusPort = "9090" - defaultPrometheusReportingPeriod = 5 maxPrometheusPort = 65535 minPrometheusPort = 1024 defaultPrometheusHost = "" // IPv4 and IPv6 prometheusPortEnvName = "METRICS_PROMETHEUS_PORT" prometheusHostEnvName = "METRICS_PROMETHEUS_HOST" + prometheusTLSCertEnvName = "METRICS_PROMETHEUS_TLS_CERT" + prometheusTLSKeyEnvName = "METRICS_PROMETHEUS_TLS_KEY" + prometheusTLSClientAuthEnvName = "METRICS_PROMETHEUS_TLS_CLIENT_AUTH" + prometheusTLSClientCAFileEnvName = "METRICS_PROMETHEUS_TLS_CLIENT_CA_FILE" + // used with network/tls.DefaultConfigFromEnv. E.g. METRICS_PROMETHEUS_TLS_MIN_VERSION. + prometheusTLSEnvPrefix = "METRICS_PROMETHEUS_" ) type ServerOption func(*options) type Server struct { - http *http.Server + http *http.Server + certFile string + keyFile string } func NewServer(opts ...ServerOption) (*Server, error) { @@ -56,11 +67,27 @@ func NewServer(opts ...ServerOption) (*Server, error) { envOverride(&o.host, prometheusHostEnvName) envOverride(&o.port, prometheusPortEnvName) + envOverride(&o.certFile, prometheusTLSCertEnvName) + envOverride(&o.keyFile, prometheusTLSKeyEnvName) + envOverride(&o.clientAuth, prometheusTLSClientAuthEnvName) + envOverride(&o.clientCAFile, prometheusTLSClientCAFileEnvName) if err := validate(&o); err != nil { return nil, err } + var tlsConfig *tls.Config + if o.certFile != "" && o.keyFile != "" { + cfg, err := knativetls.DefaultConfigFromEnv(prometheusTLSEnvPrefix) + if err != nil { + return nil, err + } + if err := applyPrometheusClientAuth(cfg, &o); err != nil { + return nil, err + } + tlsConfig = cfg + } + mux := http.NewServeMux() mux.Handle("GET /metrics", promhttp.Handler()) @@ -68,16 +95,34 @@ func NewServer(opts ...ServerOption) (*Server, error) { return &Server{ http: &http.Server{ - Addr: addr, - Handler: mux, + Addr: addr, + Handler: mux, + TLSConfig: tlsConfig, // https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6 ReadHeaderTimeout: 5 * time.Second, }, + certFile: o.certFile, + keyFile: o.keyFile, }, nil } -func (s *Server) ListenAndServe() { - s.http.ListenAndServe() +// ListenAndServe starts the metrics server on plain HTTP. +func (s *Server) ListenAndServe() error { + return s.http.ListenAndServe() +} + +// ListenAndServeTLS starts the metrics server on TLS (HTTPS) using the given certificate and key files. +func (s *Server) ListenAndServeTLS(certFile, keyFile string) error { + return s.http.ListenAndServeTLS(certFile, keyFile) +} + +// Serve starts the metrics server, choosing TLS or plain HTTP based on the server configuration. +// If both METRICS_PROMETHEUS_TLS_CERT and METRICS_PROMETHEUS_TLS_KEY are set, it calls ListenAndServeTLS +func (s *Server) Serve() error { + if s.certFile != "" && s.keyFile != "" { + return s.http.ListenAndServeTLS(s.certFile, s.keyFile) + } + return s.http.ListenAndServe() } func (s *Server) Shutdown(ctx context.Context) error { @@ -85,8 +130,12 @@ func (s *Server) Shutdown(ctx context.Context) error { } type options struct { - host string - port string + host string + port string + certFile string + keyFile string + clientAuth string + clientCAFile string } func WithHost(host string) ServerOption { @@ -113,6 +162,33 @@ func validate(o *options) error { port, minPrometheusPort, maxPrometheusPort) } + if (o.certFile != "" && o.keyFile == "") || (o.certFile == "" && o.keyFile != "") { + return fmt.Errorf("both %s and %s must be set or neither", prometheusTLSCertEnvName, prometheusTLSKeyEnvName) + } + + tlsEnabled := o.certFile != "" && o.keyFile != "" + auth := strings.TrimSpace(strings.ToLower(o.clientAuth)) + + if auth != "" && auth != "none" && auth != "optional" && auth != "require" { + return fmt.Errorf("invalid %s %q: must be %q, %q, or %q", + prometheusTLSClientAuthEnvName, o.clientAuth, "none", "optional", "require") + } + + if !tlsEnabled && ((auth != "" && auth != "none") || o.clientCAFile != "") { + return fmt.Errorf("%s and %s require TLS to be enabled (%s and %s must be set)", + prometheusTLSClientAuthEnvName, prometheusTLSClientCAFileEnvName, prometheusTLSCertEnvName, prometheusTLSKeyEnvName) + } + + if tlsEnabled && (auth == "optional" || auth == "require") && strings.TrimSpace(o.clientCAFile) == "" { + return fmt.Errorf("%s must be set when %s is %q (client certs cannot be validated without a CA)", + prometheusTLSClientCAFileEnvName, prometheusTLSClientAuthEnvName, auth) + } + + if tlsEnabled && (auth == "" || auth == "none") && strings.TrimSpace(o.clientCAFile) != "" { + return fmt.Errorf("%s is set but %s is %q; set %s to %q or %q to use client certificate verification", + prometheusTLSClientCAFileEnvName, prometheusTLSClientAuthEnvName, auth, prometheusTLSClientAuthEnvName, "optional", "require") + } + return nil } @@ -122,3 +198,36 @@ func envOverride(target *string, envName string) { *target = val } } + +// applyPrometheusClientAuth configures mTLS (client certificate verification) on cfg. +// o.clientAuth and o.clientCAFile are populated from env vars; validate() has already checked them. +func applyPrometheusClientAuth(cfg *tls.Config, o *options) error { + v := strings.TrimSpace(strings.ToLower(o.clientAuth)) + if v == "" || v == "none" { + return nil + } + + var clientAuth tls.ClientAuthType + switch v { + case "optional": + clientAuth = tls.VerifyClientCertIfGiven + case "require": + clientAuth = tls.RequireAndVerifyClientCert + } + + caFile := strings.TrimSpace(o.clientCAFile) + if caFile != "" { + pem, err := os.ReadFile(caFile) + if err != nil { + return fmt.Errorf("reading %s: %w", prometheusTLSClientCAFileEnvName, err) + } + pool := x509.NewCertPool() + if !pool.AppendCertsFromPEM(pem) { + return fmt.Errorf("no valid CA certificates found in %s", prometheusTLSClientCAFileEnvName) + } + cfg.ClientCAs = pool + } + + cfg.ClientAuth = clientAuth + return nil +} diff --git a/vendor/knative.dev/pkg/observability/metrics/prometheus_enabled.go b/vendor/knative.dev/pkg/observability/metrics/prometheus_enabled.go index ed4082574..f3f81fdd6 100644 --- a/vendor/knative.dev/pkg/observability/metrics/prometheus_enabled.go +++ b/vendor/knative.dev/pkg/observability/metrics/prometheus_enabled.go @@ -20,8 +20,10 @@ package metrics import ( "context" + "errors" "fmt" "net" + "net/http" "github.com/prometheus/otlptranslator" otelprom "go.opentelemetry.io/otel/exporters/prometheus" @@ -55,10 +57,15 @@ func buildPrometheus(_ context.Context, cfg Config) (sdkmetric.Reader, shutdownF } server, err := prometheus.NewServer(opts...) + if err != nil { + return nil, noopFunc, fmt.Errorf("create prometheus metrics server: %w", err) + } go func() { - server.ListenAndServe() + if err := server.Serve(); err != nil && !errors.Is(err, http.ErrServerClosed) { + fmt.Printf("metrics server error: %v\n", err) + } }() - return r, server.Shutdown, err + return r, server.Shutdown, nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 9a66c5aec..a162b6d50 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -297,12 +297,12 @@ go.yaml.in/yaml/v2 # go.yaml.in/yaml/v3 v3.0.4 ## explicit; go 1.16 go.yaml.in/yaml/v3 -# golang.org/x/mod v0.33.0 -## explicit; go 1.24.0 +# golang.org/x/mod v0.34.0 +## explicit; go 1.25.0 golang.org/x/mod/internal/lazyregexp golang.org/x/mod/module golang.org/x/mod/semver -# golang.org/x/net v0.51.0 +# golang.org/x/net v0.52.0 ## explicit; go 1.25.0 golang.org/x/net/http/httpguts golang.org/x/net/http2 @@ -322,17 +322,17 @@ golang.org/x/oauth2/internal # golang.org/x/sync v0.20.0 ## explicit; go 1.25.0 golang.org/x/sync/errgroup -# golang.org/x/sys v0.41.0 -## explicit; go 1.24.0 +# golang.org/x/sys v0.42.0 +## explicit; go 1.25.0 golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows golang.org/x/sys/windows/registry -# golang.org/x/term v0.40.0 -## explicit; go 1.24.0 +# golang.org/x/term v0.41.0 +## explicit; go 1.25.0 golang.org/x/term -# golang.org/x/text v0.34.0 -## explicit; go 1.24.0 +# golang.org/x/text v0.35.0 +## explicit; go 1.25.0 golang.org/x/text/cases golang.org/x/text/internal golang.org/x/text/internal/language @@ -346,8 +346,8 @@ golang.org/x/text/unicode/norm # golang.org/x/time v0.10.0 ## explicit; go 1.18 golang.org/x/time/rate -# golang.org/x/tools v0.42.0 -## explicit; go 1.24.0 +# golang.org/x/tools v0.43.0 +## explicit; go 1.25.0 golang.org/x/tools/go/ast/astutil golang.org/x/tools/go/ast/edge golang.org/x/tools/go/ast/inspector @@ -922,7 +922,7 @@ knative.dev/networking/pkg/http knative.dev/networking/pkg/http/header knative.dev/networking/pkg/http/proxy knative.dev/networking/pkg/http/stats -# knative.dev/pkg v0.0.0-20260314220421-b3fe2e572de3 +# knative.dev/pkg v0.0.0-20260316154451-5d1c12d99335 ## explicit; go 1.25.0 knative.dev/pkg/apis knative.dev/pkg/apis/duck @@ -962,7 +962,7 @@ knative.dev/pkg/signals knative.dev/pkg/system knative.dev/pkg/tracker knative.dev/pkg/websocket -# knative.dev/serving v0.48.1-0.20260313135630-f698e61bf739 +# knative.dev/serving v0.48.1-0.20260316224151-10d950c3a0d7 ## explicit; go 1.25.0 knative.dev/serving/pkg/activator knative.dev/serving/pkg/apis/autoscaling